LinuxQuestions.org


awbassett1 06-03-2003 09:34 PM

Firewall/Router, building my own server, plz review list
 
I have been experimenting with Linux distros that act as routers and firewalls. The best one I've found is ClarkConnect (supports SCSI), but I'd like to build my own. I downloaded the Mandrake 9.1 ISOs and started compiling a list of things I'd need. Basically, my setup is a server with 2 NICs: one to the outside world and one to my network (10.0.0.*). I want the server to act as a firewall and route, web server, etc. These are the packages I've come up with so far. I will need to run NAT obviously, as I only have one IP.

iptables - I can do port forwarding and open up incoming ports, right?
ipmasquerading (do I need both iptables and ipmasquerading?)
apache
webalizer/awstats -- any recommendations as to which one?
webmin
SSH
ProFTP
Samba

I'm also going to be running a NetWare 6.5 server to do:
DNS/DHCP
iFolder
Netstorage
iManager
iPrint

And then I'm going to build a W2K server to run my webcam. I use a program called webcamxp (for those of you who don't use it, you should, it's awesome) to host my cam.

Is Mandrake 9.1 my best bet in this endeavor? Please let me know, I appreciate everyone's help. Thanks in advance!

awbassett1 06-03-2003 09:40 PM

Just thought I'd add: I'm also running GroupWise 6.5 on the NetWare box.

Robert0380 06-03-2003 10:32 PM

No, you don't need ipmasquerading if you have iptables installed. To NAT with iptables you do something like the following:

iptables -A POSTROUTING -t nat -s $LAN -d ! $LAN -j SNAT --to $WAN_IP

where $LAN = 10.0.0.0/24, ! $LAN is the internet in your case, and $WAN_IP is the IP address given to you by your ISP. If your IP isn't static, then you simply change the end to:

-j MASQUERADE

Everything before the -j can stay the same.
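
The NAT rule from the post above, worked into a small gateway ruleset as an added example (not part of the original thread or written by its posters). It picks SNAT or MASQUERADE as the post describes, and goes beyond that single rule by adding default-drop filter policies and an optional port forward. The function names, the interface names (eth0 = WAN, eth1 = LAN), the PORT:HOST argument format and the sample addresses are assumptions, and it matches on the outbound interface rather than on a negated destination.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT gateway.
# Interface names and all addresses used with it are assumptions.

# nat_target [WAN_IP]: SNAT for a static address, MASQUERADE when none is given.
nat_target() {
    if [ -n "$1" ]; then
        printf '%s\n' "-j SNAT --to-source $1"
    else
        printf '%s\n' "-j MASQUERADE"
    fi
}

# gateway_rules LAN_CIDR LAN_IF WAN_IF [WAN_IP] [PORT:LAN_HOST]
gateway_rules() {
    lan=$1 lan_if=$2 wan_if=$3 wan_ip=$4 fwd=$5
    dnat='' fwd_accept=''
    if [ -n "$fwd" ]; then
        # Optional inbound TCP port forward to one internal host.
        port=${fwd%%:*} host=${fwd#*:}
        dnat="-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $host:$port"
        fwd_accept="-A FORWARD -i $wan_if -o $lan_if -p tcp -d $host --dport $port -j ACCEPT"
    fi
    # sed drops the blank lines left behind when no port forward was requested.
    sed '/^$/d' <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
$dnat
-A POSTROUTING -s $lan -o $wan_if $(nat_target "$wan_ip")
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
$fwd_accept
COMMIT
EOF
}

# Usage: sh gateway.sh 10.0.0.0/24 eth1 eth0 "" 80:10.0.0.5 | iptables-restore --test
if [ "$#" -gt 0 ]; then gateway_rules "$@"; fi
```

Piping the output to `iptables-restore --test` parses the ruleset without loading it. The INPUT policy here only admits loopback, established connections and the LAN, so any service meant to be reachable from the internet on the gateway itself needs its own INPUT rule.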

Robert0380 06-03-2003 10:35 PM

Also, I'd recommend against straight FTP. I'd make all file transfers and remote logins secure by doing it all over SSH. If you have sshd running you can use scp (Windows machines can use WinSCP) or sftp (Windows machines can use the SSH option when doing FTP and connect to port 22 on your FTP server).

hornet 06-03-2003 11:16 PM

You may also want SQL databases; MySQL works a treat :)

awbassett1 06-05-2003 03:17 PM

I don't have any need for SQL, but about FTP: I decided not to even use it at all. I can use iFolder instead. With concerns about being hacked, who knows how to hack any Novell products anyway... I have been reading about iptables; it's pretty confusing. Does anyone have any links to basic guides/how-tos? I'm a NetWare person and I'm new to the Linux world, so this stuff is somewhat confusing to me. Thanks again.

unSpawn 06-06-2003 05:23 AM

awbassett1 wrote: "I have been reading about iptables; it's pretty confusing. Does anyone have any links to basic guides/how-tos?"

Check out the LQ FAQ: Security references, post #2.

